Ruby on Rails CVE-2013-1854 Remote Denial of Service Vulnerability
BID:58549
Info
| Bugtraq ID: | 58549 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2013-1854 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2013 12:00AM |
| Updated: | Apr 13 2015 09:35PM |
| Credit: | Ben Murphy |
| Vulnerable: | Ruby on Rails 3.2.12, 3.2.11, 3.2.10, 3.2.8, 3.2.7, 3.2.6, 3.2.4, 3.2.2, 3.1.11, 3.1.9, 3.1.8, 3.1.7, 3.1.6, 3.1.5, 3.1.4, 3.1.2, 3.1, 2.3.17, 2.3.16, 2.3.15, 2.3.11, 2.3.10, 2.3.9, 2.3.5, 2.3.4, 2.3.3, 2.3.2, 3.2, 2.3.14, 2.3.13, 2.3.12; Redhat OpenShift Enterprise 1.1.3; IBM Security Network Protection XGS 5000 5.0; Gentoo Linux; Debian Linux 6.0 (sparc, s/390, powerpc, mips, ia-64, ia-32, arm, amd64); Apple Mac OS X Server 10.7.5, 2.2.2, 2.2.1, 2.1.1, 2.1, 2.0, 10.7.4, 10.7.3, 10.7.1, 10.7, 10.6.8; Apple Mac OS X 10.8.2, 10.8.1, 10.7.5, 10.8.3, 10.8, 10.7.4, 10.7.3, 10.7.2, 10.7.1, 10.7, 10.6.8 |
| Not Vulnerable: | Ruby on Rails 3.2.13, 3.1.12, 2.3.18; IBM Security Network Protection XGS 5000 5.1; Apple Mac OS X Server 3.0; Apple Mac OS X 10.8.4 |
Discussion
Ruby on Rails is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause denial-of-service conditions.
Versions prior to Ruby on Rails 3.2.13, 3.1.12, and 2.3.18 are vulnerable.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Apple Mac OS X 10.8.3
- Apple OSXUpd10.8.4.dmg
  For OS X Mountain Lion v10.8.3
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.8
- Apple OSXUpdCombo10.8.4.dmg
  For OS X Mountain Lion v10.8 and v10.8.2
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.8
- Apple SecUpdSrvr2013-002.dmg
  For Mac OS X Server v10.6.8
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.7.5
- Apple SecUpd2013-002.dmg
  For OS X Lion v10.7.5
  http://www.apple.com/support/downloads/
- Apple SecUpdSrvr2013-002.dmg
  For OS X Lion Server v10.7.5
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.8.2
- Apple OSXUpdCombo10.8.4.dmg
  For OS X Mountain Lion v10.8 and v10.8.2
  http://www.apple.com/support/downloads/